<html>
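    <head>
        <meta charset="utf-8">
        <!-- The original title element was empty; a non-empty title is required for valid, accessible HTML. -->
        <title>Salesperson</title>
        <link href="../style/main.css" rel="stylesheet">
        <link href="../style/salesperson.css" rel="stylesheet">
        <!-- NOTE(review): jQuery 1.8.2 is a 2012 release on a line that no longer
             receives fixes; upgrade to a maintained jQuery release and re-test js1.js. -->
        <script src="../script/jquery-1.8.2.js"></script>
        <script src="../script/js1.js"></script>
    </head>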
    <body>
        <header>
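        <?php
        // Page header: opens the session and the database connection, handles the
        // logout action, and prints either a "not logged in" notice or a greeting.

        // NOTE(review): session_start() runs after the <html>/<head> markup above
        // has already been emitted, so the session cookie can only be set when
        // output buffering is enabled. Ideally this call moves to the very top of
        // the file, before any output.
        session_start();

        // SECURITY: this connects as the MySQL root account with the password
        // embedded in source. Use a dedicated least-privilege account limited to
        // the digitalsales schema, load the credentials from configuration kept
        // outside the web root, and rotate this password because it is exposed here.
        // NOTE(review): the mysql_* extension is deprecated and was removed in
        // PHP 7; plan a migration to mysqli or PDO with prepared statements.
        mysql_connect("localhost:3306", "root", "16886611");
        mysql_select_db("digitalsales");

        // Logout clears the salesperson, the active customer cart and the store.
        // NOTE(review): this is a state change triggered by a plain GET link with
        // no CSRF token, so any third-party page can force a logout.
        if(isset($_GET["action"])&&$_GET["action"]=="logout"){
            $_SESSION["salesman"]=NULL;
            $_SESSION["cartowner"]=NULL;
            $_SESSION["storeid"]=NULL;
        }

        if(!isset($_SESSION["salesman"])||$_SESSION["salesman"]==NULL){
            echo '<ul>
                 <li>
                    <p>YOU HAVE NOT LOGGED IN YET</p>
                  </li>
                </ul>';
        }else{
            // The salesperson name originates from the login form, so it is
            // HTML-escaped before being written into the page (prevents XSS).
            $salesmanHtml=htmlspecialchars($_SESSION["salesman"],ENT_QUOTES,'UTF-8');
            echo '<ul>
                <li id="logout">
                  <p><a href="index.php?action=logout">Log out</a></p>
                </li>
                  <li>
                    <p>Welcome back,'.$salesmanHtml.'!</p>
                  </li>
                </ul>';
        }

        ?>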
        </header>
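        <?php
        // Main panel. Three states, chosen from the session:
        //   1. no salesperson logged in  -> login form
        //   2. logged in, no customer    -> "start transaction" form
        //   3. logged in with a customer -> cart side panel, product search, results
        //
        // SECURITY notes for this block:
        //   * Every request/session value that reaches SQL is cast to int (numeric
        //     columns) or passed through mysql_real_escape_string() (quoted strings).
        //     This closes the string-concatenation SQL injection; prepared
        //     statements (mysqli/PDO) remain the long-term fix.
        //   * Every value written into HTML is passed through htmlspecialchars().
        //   * $_SESSION["error"] is echoed as raw HTML on purpose: another handler
        //     in this file stores markup (a registration link) in it. Any request
        //     data placed into it here is therefore escaped when it is stored.
        //   * NOTE(review): none of the forms carries a CSRF token, and the
        //     delete-from-cart action is a state-changing GET.
        if(!isset($_SESSION["salesman"])||$_SESSION["salesman"]==NULL){
            // State 1: salesperson login form.
            echo '<div id="slogin" class="Mainpanel">';
            echo '<div style="width:100px;height: 50px;overflow: visible">
                        <img src="../images/slogin.png" style="width: 800px;height: 150px;margin-left: -100px;margin-top: -75px">
                    </div>';
            echo '<form id="form1" name="form1" method="POST" action="">
                    <label>Username:
                        <input class="textArea" name="username" type="TEXT" id="name">
                    </label><br/>
                    <label>Password:&nbsp;
                        <input class="textArea" name="password" type="password" id="password">
                    </label><br/>
                    <input class="Button" type="submit" name="submit" value="Log in">
                </form>';
            if(isset($_SESSION["error"])&&$_SESSION["error"]!=NULL){
                echo '<p class="error">'.$_SESSION["error"].'</p>';
                $_SESSION["error"]=NULL;
            }
            echo '</div>';
        }else{
            if(!isset($_SESSION["cartowner"])||$_SESSION["cartowner"]==NULL){
                // State 2: ask for the customer account the transaction is for.
                echo '<div id="startTransaction" class="Mainpanel">';
                echo '<div style="width:100px;height: 50px;overflow: visible">
                            <img src="../images/newtrans.png" style="width: 800px;height: 150px;margin-left: -100px;margin-top: -75px">
                        </div>';
                echo '<form id="form1" name="form1" method="POST" action="">
                        <label>User Account:
                            <input class="textArea" name="userAccount" type="TEXT" id="ua">
                        </label><br/>
                        <input class="Button" type="submit" name="submit" value="Start Transaction">
                    </form>';
                if(isset($_SESSION["error"])&&$_SESSION["error"]!=NULL){
                    echo '<p class="error">'.$_SESSION["error"].'</p>';
                    $_SESSION["error"]=NULL;
                }
                echo '</div>';
            }else{
                // State 3. Prepare the session values once, per output context.
                $cartOwnerSql=mysql_real_escape_string($_SESSION["cartowner"]);
                $cartOwnerHtml=htmlspecialchars($_SESSION["cartowner"],ENT_QUOTES,'UTF-8');
                // storeid is used unquoted in the queries below, so it must be numeric.
                $storeId=isset($_SESSION["storeid"])?(int)$_SESSION["storeid"]:0;

                // --- Add-to-cart handler -------------------------------------
                // The original condition mixed || and && (&& binds tighter), so it
                // fired when only one field was posted and then read unset keys.
                // Only the product id and the requested amount are needed here.
                if(isset($_POST["bpid"])&&isset($_POST["tamount"])){
                    $bpid=(int)$_POST["bpid"];
                    // Assumes quantities are whole numbers — TODO confirm against the schema.
                    $tamount=(int)$_POST["tamount"];
                    $bpnameHtml=(isset($_POST["bpname"])&&is_string($_POST["bpname"]))
                        ?htmlspecialchars($_POST["bpname"],ENT_QUOTES,'UTF-8'):'';

                    // The posted "aamount" comes from a readonly form field, which a
                    // client can change freely. Recompute the available stock on the
                    // server with the same formula the result list uses:
                    // store stock minus the amount already ordered from this store.
                    $stock=0;
                    $resultStock=mysql_query("select amount from product_stores where sid=".$storeId." and pid=".$bpid);
                    while($resultStock&&($resStock=mysql_fetch_row($resultStock))){
                        $stock=(int)$resStock[0];
                    }
                    $ordered=0;
                    $resultOrdered=mysql_query("select sum(amount) from orders where product=".$bpid." and store=".$storeId);
                    while($resultOrdered&&($resOrdered=mysql_fetch_row($resultOrdered))){
                        $ordered=(int)$resOrdered[0];
                    }
                    $aamount=$stock-$ordered;

                    if($tamount<=0){
                        // Zero, negative or non-numeric input must not reach the cart.
                        $_SESSION["error"]="Please enter a valid amount!";
                    }else if($tamount>$aamount){
                        $_SESSION["error"]="There aren't enough products for this order!";
                    }else{
                        $sql9="select amount from shopcarts where customer='".$cartOwnerSql."' and product=".$bpid;
                        $result9=mysql_query($sql9);
                        if($result9&&mysql_num_rows($result9)>0){
                            // Product already in the cart: add to it, capped at the stock.
                            while ($res9=mysql_fetch_row($result9)){
                                $newAmount=(int)$res9[0]+$tamount;
                                if($newAmount>$aamount){
                                    $newAmount=$aamount;
                                    $_SESSION["error"]="You can't buy more than ".$aamount." ".$bpnameHtml."!";
                                }
                                $sql10="update shopcarts set amount = ".$newAmount." where customer='".$cartOwnerSql."' and product=".$bpid;
                                mysql_query($sql10);
                            }
                        }else{
                            $sql11="insert into shopcarts values ('".$cartOwnerSql."',".$bpid.",".$tamount.")";
                            mysql_query($sql11);
                        }
                    }
                }

                // --- Cart side panel ------------------------------------------
                echo '<div class="transparentMainpanel">';
                echo '<div class="sidePanel">';
                    echo '<h2>Shopping Cart for '.$cartOwnerHtml.'</h2>';
                    echo '<table class="tablesorter">
                            <thead>
                                <th>Product Name</th>
                                <th>Amount</th>
                                <th>Options</th>
                            </thead>
                            <tbody>';
                    // NOTE(review): deletion is triggered by a GET parameter without a
                    // CSRF token; it should become a POST with a per-session token.
                    if(isset($_GET["deleteFromCart"])&&$_GET["deleteFromCart"]!=NULL){
                        $sql4="delete from shopcarts where customer='".$cartOwnerSql."' and product=".(int)$_GET["deleteFromCart"];
                        mysql_query($sql4);
                    }
                    $sql3="select product,amount from shopcarts where customer='".$cartOwnerSql."'";
                    $result3=mysql_query($sql3);
                    while ($result3&&($res3=mysql_fetch_row($result3))){
                        $cartProductId=(int)$res3[0];
                        $sql5="select name from products where productid=".$cartProductId;
                        $result5=mysql_query($sql5);
                        while ($result5&&($res5=mysql_fetch_row($result5))){
                            // The id is an int, so it is safe inside the JS string and the URL.
                            $deleteUrl='index.php?deleteFromCart='.$cartProductId;
                            // NOTE(review): the anchor attribute is spelled "herf", so the
                            // anchor is inert and navigation happens through the onclick.
                            // It is left as is because jump() is defined outside this file.
                            echo '<tr><td>'.htmlspecialchars($res5[0],ENT_QUOTES,'UTF-8').'</td><td>'.htmlspecialchars($res3[1],ENT_QUOTES,'UTF-8').'</td><td><div class="cross" onclick="jump(\''.$deleteUrl.'\')" ><a herf="index.php?deleteFromCart='.$cartProductId.'"><img class="cross" src="../images/cross.jpg"></a></div></td></tr>';
                        }
                    }

                    // Search criteria. Each field is read independently so that a
                    // partial post does not read unset keys; non-string values
                    // (array parameters) are treated as empty.
                    $proid="";
                    $proname="";
                    $categ="";
                    $needResult=FALSE;
                    if(isset($_POST["productid"])||isset($_POST["productname"])||isset($_POST["category"])){
                        $proid=(isset($_POST["productid"])&&is_string($_POST["productid"]))?$_POST["productid"]:"";
                        $proname=(isset($_POST["productname"])&&is_string($_POST["productname"]))?$_POST["productname"]:"";
                        $categ=(isset($_POST["category"])&&is_string($_POST["category"]))?$_POST["category"]:"";
                        $needResult=TRUE;
                    }
                    echo  '</tbody>
                        </table>';
                    // rawurlencode() output contains no quotes, angle brackets or
                    // ampersands, so it is safe in the URL, the JS string and the attribute.
                    // NOTE(review): checkout.php should take the customer and store from
                    // the session rather than trusting these query parameters — confirm.
                    echo '<input class="checkoutButton" onclick="jump(\'checkout.php?customer='.rawurlencode($_SESSION["cartowner"]).'&amp;storeid='.$storeId.'\')" value="Check out">';
                    if(isset($_SESSION["error"])&&$_SESSION["error"]!=NULL){
                        echo '<p class="error">'.$_SESSION["error"].'</p>';
                        $_SESSION["error"]=NULL;
                    }
                echo '</div>';

                // --- Product search form --------------------------------------
                echo '<div class="itemList">';
                    echo '<div class="searchPanel">';
                        echo '<h2>Search product in the store</h2>';
                        echo '<form id="form3" name="form3" method="POST" action="">';
                        echo '<label class="text" >Product ID:</label>';
                        echo '<input name="productid" type="TEXT" id="wa" value="'.htmlspecialchars($proid,ENT_QUOTES,'UTF-8').'">';
                        echo '<label class="text">Product Name:</label>';
                        echo '<input name="productname" type="TEXT" value="'.htmlspecialchars($proname,ENT_QUOTES,'UTF-8').'"><br/>';
                        echo '<label class="text">Category:</label>';
                        echo '<select name="category"> 
                                    <option value="" selected="selected"></option>';
                        $sql6="select product_type from product_types";
                        $result6=mysql_query($sql6);
                        while ($result6&&($res6=mysql_fetch_row($result6))){
                            $arg="";
                            if($categ==$res6[0]){
                                $arg='selected="selected"';
                            }
                            $typeHtml=htmlspecialchars($res6[0],ENT_QUOTES,'UTF-8');
                            echo '<option value="'.$typeHtml.'" '.$arg.'>'.$typeHtml.'</option>';
                        }
                        echo '</select><br/>';
                        echo '<input class="littleButton" type="submit" name="submit" value="Search">';
                        echo '</form>';
                    echo '</div>';

                    // --- Search results ---------------------------------------
                    if($needResult){
                        echo '<div class="resultPanel">';
                        echo '<h2>Search Result</h2>';
                        $condition1="";
                        $condition2="";
                        $condition3="";
                        if($proid!=""){
                            // productid is numeric and unquoted in SQL: force an int.
                            $condition1="and productid=".(int)$proid." ";
                        }
                        if($proname!=""){
                            $condition2=" and name like '%".mysql_real_escape_string($proname)."%' ";
                        }
                        if($categ!=""){
                            $condition3=" and product_type='".mysql_real_escape_string($categ)."' ";
                        }
                        $sql7="select productid,name,price,amount from products,(select pid, sid, price, amount from product_stores where sid=".$storeId.") ps
                            where productid=pid ".$condition1.$condition2.$condition3;
                        $result7=mysql_query($sql7);
                        while ($result7&&($res7=mysql_fetch_row($result7))){
                            // Available amount = store stock minus what was already ordered.
                            $numOfOrder=0;
                            $sql8="select sum(amount) from orders where product=".(int)$res7[0]." and store=".$storeId;
                            $result8=mysql_query($sql8);
                            while ($result8&&($res8=mysql_fetch_row($result8))){
                                $numOfOrder=$res8[0];
                            }
                            $aamount=$res7[3]-$numOfOrder;
                            // The readonly fields are display only: the add-to-cart
                            // handler above re-derives the stock and ignores "aamount".
                            echo '<form class="listform" method="POST" action="">';
                                echo '<label class="text" >Product ID:</label>';
                                echo '<input readonly name="bpid" type="TEXT" id="wa" value="'.htmlspecialchars($res7[0],ENT_QUOTES,'UTF-8').'">';
                                echo '<label class="text">Product Name:&nbsp;&nbsp;&nbsp;&nbsp;</label>';
                                echo '<input readonly name="bpname" type="TEXT" value="'.htmlspecialchars($res7[1],ENT_QUOTES,'UTF-8').'"><br/>';
                                echo '<label class="text">price:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</label>';
                                echo '<input readonly name="bprice" type="TEXT" value="'.htmlspecialchars($res7[2],ENT_QUOTES,'UTF-8').'">';
                                echo '<label class="text">Available Amount:</label>';
                                echo '<input readonly name="aamount" type="TEXT" value="'.htmlspecialchars($aamount,ENT_QUOTES,'UTF-8').'"><br/>';
                                echo '<label class="text">Amount:&nbsp;&nbsp;&nbsp;&nbsp;</label>';
                                echo '<input name="tamount" type="TEXT"><br/>';
                                echo '<input type="submit" name="submit" value="Add to Cart">';
                            echo '</form>';
                        }
                        echo '</div>';
                    }
                    echo '</div>';
                    echo '<div style="clear:both;"></div>';
                echo '</div>';
            }
        }
        ?>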
        
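        <?php
        // POST handlers for the two forms rendered earlier on this page:
        //   * salesperson login (username + password)
        //   * start of a transaction (customer account)
        // Each handler stores its outcome in the session and emits a meta refresh
        // so that index.php is re-rendered with the new state.
        //
        // SECURITY notes:
        //   * Request values are passed through mysql_real_escape_string() before
        //     they are placed in SQL. The original concatenated them directly, which
        //     allowed the login check to be bypassed by SQL injection. Prepared
        //     statements (mysqli/PDO) remain the long-term fix.
        //   * NOTE(review): the password is compared in SQL against the stored
        //     column as-is, which implies passwords are stored in plain text. They
        //     should be stored with password_hash() and checked with
        //     password_verify(); that needs a schema/data migration.
        //   * NOTE(review): the session id is not regenerated on login (session
        //     fixation). session_regenerate_id() cannot be called here because page
        //     output has already started; move login handling before any output.
        //   * NOTE(review): there is no CSRF token and no attempt throttling.
        if(isset ($_POST["username"]) and is_string($_POST["username"]) and $_POST["username"]!=""
                and isset ($_POST["password"]) and is_string($_POST["password"]) and $_POST["password"]!=""){
                $usr=$_POST["username"];
                $pass=$_POST["password"];
                $sql="select * from `employees` where `account`='".mysql_real_escape_string($usr)."' and `password`='".mysql_real_escape_string($pass)."' and position='salesperson';";
                $result=mysql_query($sql);
                // A failed query is treated as "no match" instead of raising warnings.
                $num=0;
                if($result){
                    $num=mysql_num_rows($result);
                    mysql_free_result($result);
                }
                if($num==0){
                    $_SESSION["error"]="Invalid username or password!";
                    echo '<meta http-equiv="refresh" content="0;url=index.php" />';
                }else{
                    $_SESSION["error"]=NULL;
                    $_SESSION["salesman"]=$usr;
                    // Look up the store this salesperson works in; the last row wins.
                    $sql2="select store from salesperson_stores where salesperson='".mysql_real_escape_string($usr)."'";
                    $result2=mysql_query($sql2);
                    while ($result2&&($res2=mysql_fetch_row($result2))){
                         $_SESSION["storeid"]=$res2[0];
                     }
                    echo '<meta http-equiv="refresh" content="0;url=index.php" />';
                }
            }
            // NOTE(review): this handler does not itself check that a salesperson is
            // logged in before setting the cart owner — confirm whether that is intended.
            if(isset ($_POST["userAccount"]) and is_string($_POST["userAccount"]) and $_POST["userAccount"]!=""){
                $account=$_POST["userAccount"];
                $sql="select * from `customers` where `account`='".mysql_real_escape_string($account)."';";
                $result=mysql_query($sql);
                $num=0;
                if($result){
                    $num=mysql_num_rows($result);
                    mysql_free_result($result);
                }
                if($num==0){
                    // This message is static markup; it is echoed unescaped when shown.
                    $_SESSION["error"]="Invalid user account!, you can <a href='../register/register.php'>Quick Register</a>";
                    echo '<meta http-equiv="refresh" content="0;url=index.php" />';
                }else{
                    $_SESSION["error"]=NULL;
                    $_SESSION["cartowner"]=$account;
                    echo '<meta http-equiv="refresh" content="0;url=index.php" />';
                }
            }
        ?>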
        
    </body>
</html>
